TYPO3 Core Multiple Security Vulnerabilities
TYPO3 is prone to multiple vulnerabilities, including SQL-injection, cross-site scripting, information-disclosure, frame- and session-hijacking, and shell-command-execution issues.
Note that exploits for some of the issues may require a valid backend login.
Successful exploits may allow attackers to:
- access or modify data
- exploit latent vulnerabilities in the underlying database
- obtain sensitive information
- gain unauthorized access to the affected application
- execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site
- hijack user sessions
- execute arbitrary commands in the context of the webserver process
A successful attack will compromise the application and may help in further attacks.
The issues affect the following TYPO3 versions:
- 4.0.13 and earlier
- 4.1.12 and earlier
- 4.2.9 and earlier
- 4.3.0beta1 and earlier
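For triaging an inventory of installations against the version list above, the following is an added example, not part of the original advisory or of TYPO3. It assumes each "and earlier" entry applies within its own minor branch, that version strings look like `4.2.9` or `4.3.0beta1`, and that pre-releases order as alpha < beta < rc < final; the function names and result labels are hypothetical. Branches the advisory does not list are reported separately rather than treated as safe.

```python
import re

# Highest affected release per branch, copied from the advisory's version list.
LAST_AFFECTED = {
    (4, 0): "4.0.13",
    (4, 1): "4.1.12",
    (4, 2): "4.2.9",
    (4, 3): "4.3.0beta1",
}

# Assumed ordering of pre-release tags; a release with no tag is final.
STAGE_RANK = {"alpha": 0, "beta": 1, "rc": 2, "": 3}
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-?(alpha|beta|rc)(\d+))?$", re.I)


def parse_version(text):
    """Return a sortable tuple for a version string, or None if unparseable."""
    m = VERSION_RE.match(text.strip())
    if not m:
        return None
    major, minor, patch = (int(m.group(i)) for i in (1, 2, 3))
    stage = (m.group(4) or "").lower()
    stage_num = int(m.group(5) or 0)
    return (major, minor, patch, STAGE_RANK[stage], stage_num)


def classify(version):
    """Return 'affected', 'newer-than-listed', 'unlisted-branch' or 'unparseable'."""
    parsed = parse_version(version)
    if parsed is None:
        return "unparseable"
    limit = LAST_AFFECTED.get(parsed[:2])
    if limit is None:
        # The advisory says nothing about this branch; flag it for manual review.
        return "unlisted-branch"
    return "affected" if parsed <= parse_version(limit) else "newer-than-listed"


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts or data from the advisory.
    inventory = ["4.2.9", "4.2.10", "4.3.0alpha3", "4.3.0beta1", "4.3.0", "4.4.1", "trunk"]
    for v in inventory:
        print(f"{v:12} {classify(v)}")
```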